Index: net/base/cert_verify_result.h |
diff --git a/net/base/cert_verify_result.h b/net/base/cert_verify_result.h |
index 7d885477db25b6a10b215cdec6b1fcb1c32a0706..b27a27d4388506cab8d8bbb76007c6b582a2222c 100644 |
--- a/net/base/cert_verify_result.h |
+++ b/net/base/cert_verify_result.h |
@@ -8,12 +8,14 @@ |
#include <vector> |
+#include "base/memory/ref_counted.h" |
#include "net/base/x509_cert_types.h" |
namespace net { |
-// The result of certificate verification. Eventually this may contain the |
-// certificate chain that was constructed during certificate verification. |
+class X509Certificate; |
+ |
+// The result of certificate verification. |
class CertVerifyResult { |
public: |
CertVerifyResult(); |
@@ -21,7 +23,16 @@ class CertVerifyResult { |
void Reset(); |
- // Bitmask of CERT_STATUS_* from net/base/cert_status_flags.h |
+ // The certificate and chain that were constructed during verification. |
wtc
2011/07/26 00:16:35
Nit: were => was
because only the chain was constr
|
+ // Note that the though the verified certificate will match the originally |
+ // supplied certificate, the intermediate certificates stored within may |
+ // be substantially different. |
agl
2011/04/18 13:50:27
I think it's worth noting that, in the event of a
|
+ scoped_refptr<X509Certificate> verified_cert; |
wtc
2011/04/20 23:39:30
It's better to return a CertificateList to avoid t
Ryan Sleevi
2011/04/20 23:44:34
As implemented, this means that the subject, issue
|
+ |
+ // Bitmask of CERT_STATUS_* from net/base/cert_status_flags.h. Note that |
+ // these status flags apply to the certificate chain returned in |
+ // |verified_certificate|, rather than the originally supplied certificate |
wtc
2011/07/26 00:16:35
Typo: verified_certificate => verified_cert
|
+ // chain. |
int cert_status; |
// Properties of the certificate chain. |